I’d like to implement a user attribute that is encrypted by the user’s password which can then be accessed as a client protocol mapper. Here’s my use-case. Future releases of Nextcloud will allow setting a per-user encryption key via SAML:
While I can create a custom attribute for each user in Keycloak, it would be stored in plain-text. I’d like it to be encrypted by the user’s credentials, instead. I don’t think this is currently possible in Keycloak, and I think I can build it, but I thought I’d ask to see if it’s possible (and if not, maybe I could get some pointers).